Merge b069ca6005 into 601df9ecd3

Fix cgroups determination in exec implementation (#2720 )
* Set cgroups path for tenant containers from main container Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Ignore new_user_ns for creating cgroups path Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Remove user_ns param completely Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Add tests in podman rootless for exec Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix add_task implementation for cgroups v2 and systemd Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * minor refactor in tenant builder Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Add unit test for systemd add_task function Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix task addition to properly add tasks via dbus api Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix cross cotainers for tests running Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> --------- Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>
2024-05-11 18:16:12 +02:00 · 2024-04-27 16:35:13 -04:00 · 2024-04-27 21:49:58 +09:00 · 2024-04-24 05:36:17 +00:00 · 2024-04-22 05:17:10 +00:00 · 2024-04-22 10:45:06 +05:30
26 changed files with 669 additions and 288 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -185,7 +185,7 @@ dependencies = [
 "cfg-if",
 "libc",
 "miniz_oxide",
- "object",
+ "object 0.32.2",
 "rustc-demangle",
 ]

@ -219,7 +219,7 @@ dependencies = [
 "bitflags 2.5.0",
 "cexpr",
 "clang-sys",
- "itertools 0.12.1",
+ "itertools",
 "lazy_static",
 "lazycell",
 "proc-macro2",
@ -308,9 +308,9 @@ dependencies = [

 [[package]]
 name = "cap-fs-ext"
-version = "2.0.1"
+version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88e341d15ac1029aadce600be764a1a1edafe40e03cde23285bc1d261b3a4866"
+checksum = "769f8cd02eb04d57f14e2e371ebb533f96817f9b2525d73a5c72b61ca7973747"
 dependencies = [
 "cap-primitives",
 "cap-std",
@ -318,23 +318,11 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "cap-net-ext"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "434168fe6533055f0f4204039abe3ff6d7db338ef46872a5fa39e9d5ad5ab7a9"
-dependencies = [
- "cap-primitives",
- "cap-std",
- "rustix",
- "smallvec",
-]
-
 [[package]]
 name = "cap-primitives"
-version = "2.0.1"
+version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe16767ed8eee6d3f1f00d6a7576b81c226ab917eb54b96e5f77a5216ef67abb"
+checksum = "90a0b44fc796b1a84535a63753d50ba3972c4db55c7255c186f79140e63d56d0"
 dependencies = [
 "ambient-authority",
 "fs-set-times",
@ -349,9 +337,9 @@ dependencies = [

 [[package]]
 name = "cap-rand"
-version = "2.0.1"
+version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20e5695565f0cd7106bc3c7170323597540e772bb73e0be2cd2c662a0f8fa4ca"
+checksum = "4327f08daac33a99bb03c54ae18c8f32c3ba31c728a33ddf683c6c6a5043de68"
 dependencies = [
 "ambient-authority",
 "rand",
@ -359,9 +347,9 @@ dependencies = [

 [[package]]
 name = "cap-std"
-version = "2.0.1"
+version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "593db20e4c51f62d3284bae7ee718849c3214f93a3b94ea1899ad85ba119d330"
+checksum = "266626ce180cf9709f317d0bf9754e3a5006359d87f4bf792f06c9c5f1b63c0f"
 dependencies = [
 "cap-primitives",
 "io-extras",
@ -371,9 +359,9 @@ dependencies = [

 [[package]]
 name = "cap-time-ext"
-version = "2.0.1"
+version = "3.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "03261630f291f425430a36f38c847828265bc928f517cdd2004c56f4b02f002b"
+checksum = "e1353421ba83c19da60726e35db0a89abef984b3be183ff6f58c5b8084fcd0c5"
 dependencies = [
 "ambient-authority",
 "cap-primitives",
@ -595,9 +583,9 @@ dependencies = [

 [[package]]
 name = "cpp_demangle"
-version = "0.3.5"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eeaa953eaad386a53111e47172c2fedba671e5684c8dd601a5f474f4f118710f"
+checksum = "7e8227005286ec39567949b33df9896bcadfa6051bccca2488129f108ca23119"
 dependencies = [
 "cfg-if",
 ]
@ -622,11 +610,11 @@ dependencies = [

 [[package]]
 name = "cranelift-bforest"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16d5521e2abca66bbb1ddeecbb6f6965c79160352ae1579b39f8c86183895c24"
+checksum = "79b27922a6879b5b5361d0a084cb0b1941bf109a98540addcb932da13b68bed4"
 dependencies = [
- "cranelift-entity 0.105.3",
+ "cranelift-entity 0.107.0",
 ]

 [[package]]
@ -652,17 +640,17 @@ dependencies = [

 [[package]]
 name = "cranelift-codegen"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef40a4338a47506e832ac3e53f7f1375bc59351f049a8379ff736dd02565bd95"
+checksum = "304c455b28bf56372729acb356afbb55d622f2b0f2f7837aa5e57c138acaac4d"
 dependencies = [
 "bumpalo",
- "cranelift-bforest 0.105.3",
- "cranelift-codegen-meta 0.105.3",
- "cranelift-codegen-shared 0.105.3",
+ "cranelift-bforest 0.107.0",
+ "cranelift-codegen-meta 0.107.0",
+ "cranelift-codegen-shared 0.107.0",
 "cranelift-control",
- "cranelift-entity 0.105.3",
- "cranelift-isle 0.105.3",
+ "cranelift-entity 0.107.0",
+ "cranelift-isle 0.107.0",
 "gimli 0.28.1",
 "hashbrown 0.14.3",
 "log",
@ -682,11 +670,11 @@ dependencies = [

 [[package]]
 name = "cranelift-codegen-meta"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d24cd5d85985c070f73dfca07521d09086362d1590105ba44b0932bf33513b61"
+checksum = "1653c56b99591d07f67c5ca7f9f25888948af3f4b97186bff838d687d666f613"
 dependencies = [
- "cranelift-codegen-shared 0.105.3",
+ "cranelift-codegen-shared 0.107.0",
 ]

 [[package]]
@ -697,15 +685,15 @@ checksum = "278e52e29c53fcf32431ef08406c295699a70306d05a0715c5b1bf50e33a9ab7"

 [[package]]
 name = "cranelift-codegen-shared"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e0584c4363e3aa0a3c7cb98a778fbd5326a3709f117849a727da081d4051726c"
+checksum = "f5b6a9cf6b6eb820ee3f973a0db313c05dc12d370f37b4fe9630286e1672573f"

 [[package]]
 name = "cranelift-control"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f25ecede098c6553fdba362a8e4c9ecb8d40138363bff47f9712db75be7f0571"
+checksum = "d9d06e6bf30075fb6bed9e034ec046475093392eea1aff90eb5c44c4a033d19a"
 dependencies = [
 "arbitrary",
 ]
@ -732,9 +720,9 @@ checksum = "9a59bcbca89c3f1b70b93ab3cbba5e5e0cbf3e63dadb23c7525cb142e21a9d4c"

 [[package]]
 name = "cranelift-entity"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ea081a42f25dc4c5b248b87efdd87dcd3842a1050a37524ec5391e6172058cb"
+checksum = "29be04f931b73cdb9694874a295027471817f26f26d2f0ebe5454153176b6e3a"
 dependencies = [
 "serde",
 "serde_derive",
@ -754,11 +742,11 @@ dependencies = [

 [[package]]
 name = "cranelift-frontend"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9796e712f5af797e247784f7518e6b0a83a8907d73d51526982d86ecb3a58b68"
+checksum = "a07fd7393041d7faa2f37426f5dc7fc04003b70988810e8c063beefeff1cd8f9"
 dependencies = [
- "cranelift-codegen 0.105.3",
+ "cranelift-codegen 0.107.0",
 "log",
 "smallvec",
 "target-lexicon",
@ -772,34 +760,34 @@ checksum = "393bc73c451830ff8dbb3a07f61843d6cb41a084f9996319917c0b291ed785bb"

 [[package]]
 name = "cranelift-isle"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4a66ccad5782f15c80e9dd5af0df4acfe6e3eee98e8f7354a2e5c8ec3104bdd"
+checksum = "f341d7938caa6dff8149dac05bb2b53fc680323826b83b4cf175ab9f5139a3c9"

 [[package]]
 name = "cranelift-native"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "285e80df1d9b79ded9775b285df68b920a277b84f88a7228d2f5bc31fcdc58eb"
+checksum = "82af6066e6448d26eeabb7aa26a43f7ff79f8217b06bade4ee6ef230aecc8880"
 dependencies = [
- "cranelift-codegen 0.105.3",
+ "cranelift-codegen 0.107.0",
 "libc",
 "target-lexicon",
 ]

 [[package]]
 name = "cranelift-wasm"
-version = "0.105.3"
+version = "0.107.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4135b0ab01fd16aa8f8821196e9e2fe15953552ccaef8ba5153be0ced04ef757"
+checksum = "2766fab7284a914a7f17f90ebe865c86453225fb8637ac31f123f5028fee69cd"
 dependencies = [
- "cranelift-codegen 0.105.3",
- "cranelift-entity 0.105.3",
- "cranelift-frontend 0.105.3",
- "itertools 0.10.5",
+ "cranelift-codegen 0.107.0",
+ "cranelift-entity 0.107.0",
+ "cranelift-frontend 0.107.0",
+ "itertools",
 "log",
 "smallvec",
- "wasmparser 0.121.2",
+ "wasmparser 0.202.0",
 "wasmtime-types",
 ]

@ -1828,15 +1816,6 @@ dependencies = [
 "serde",
 ]

-[[package]]
-name = "itertools"
-version = "0.10.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
-dependencies = [
- "either",
-]
-
 [[package]]
 name = "itertools"
 version = "0.12.1"
@ -2372,6 +2351,15 @@ name = "object"
 version = "0.32.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "object"
+version = "0.33.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8dd6c0cdf9429bce006e1362bfce61fa1bfd8c898a643ed8d2b471934701d3d"
 dependencies = [
 "crc32fast",
 "hashbrown 0.14.3",
@ -3199,9 +3187,9 @@ dependencies = [

 [[package]]
 name = "rustls"
-version = "0.21.10"
+version = "0.21.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
+checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4"
 dependencies = [
 "log",
 "ring",
@ -3258,6 +3246,15 @@ dependencies = [
 "winapi-util",
 ]

+[[package]]
+name = "scc"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec96560eea317a9cc4e0bb1f6a2c93c09a19b8c4fc5cb3fcc0ec1c094cd783e2"
+dependencies = [
+ "sdd",
+]
+
 [[package]]
 name = "schannel"
 version = "0.1.23"
@ -3289,6 +3286,12 @@ dependencies = [
 "untrusted",
 ]

+[[package]]
+name = "sdd"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b84345e4c9bd703274a082fb80caaa99b7612be48dfaa1dd9266577ec412309d"
+
 [[package]]
 name = "seahash"
 version = "4.1.0"
@ -3442,23 +3445,23 @@ dependencies = [

 [[package]]
 name = "serial_test"
-version = "3.0.0"
+version = "3.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "953ad9342b3aaca7cb43c45c097dd008d4907070394bd0751a0aa8817e5a018d"
+checksum = "adb86f9315df5df6a70eae0cc22395a44e544a0d8897586820770a35ede74449"
 dependencies = [
- "dashmap",
 "futures",
- "lazy_static",
 "log",
+ "once_cell",
 "parking_lot",
+ "scc",
 "serial_test_derive",
 ]

 [[package]]
 name = "serial_test_derive"
-version = "3.0.0"
+version = "3.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b93fb4adc70021ac1b47f7d45e8cc4169baaa7ea58483bc5b721d19a26202212"
+checksum = "a9bb72430492e9549b0c4596725c0f82729bff861c45aa8099c0a8e67fc3b721"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3741,9 +3744,9 @@ dependencies = [

 [[package]]
 name = "system-interface"
-version = "0.26.1"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0682e006dd35771e392a6623ac180999a9a854b1d4a6c12fb2e804941c2b1f58"
+checksum = "b858526d22750088a9b3cf2e3c2aacebd5377f13adeec02860c30d09113010a6"
 dependencies = [
 "bitflags 2.5.0",
 "cap-fs-ext",
@ -3834,18 +3837,18 @@ dependencies = [

 [[package]]
 name = "thiserror"
-version = "1.0.58"
+version = "1.0.59"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297"
+checksum = "f0126ad08bff79f29fc3ae6a55cc72352056dfff61e3ff8bb7129476d44b23aa"
 dependencies = [
 "thiserror-impl",
 ]

 [[package]]
 name = "thiserror-impl"
-version = "1.0.58"
+version = "1.0.59"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7"
+checksum = "d1cd413b5d558b4c5bf3680e324a6fa5014e7b7c067a51e69dbdf47eb7148b66"
 dependencies = [
 "proc-macro2",
 "quote",
@ -4011,15 +4014,6 @@ dependencies = [
 "tracing",
 ]

-[[package]]
-name = "toml"
-version = "0.5.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
-dependencies = [
- "serde",
-]
-
 [[package]]
 name = "toml"
 version = "0.7.8"
@ -4480,9 +4474,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"

 [[package]]
 name = "wasi-common"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95e022c29ad56af4cc0a8a8f0e0191abf9e0a0c4a68d25dfe088c39c9a8e3d2c"
+checksum = "63255d85e10627b07325d7cf4e5fe5a40fa4ff183569a0a67931be26d50ede07"
 dependencies = [
 "anyhow",
 "bitflags 2.5.0",
@ -4593,15 +4587,6 @@ version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"

-[[package]]
-name = "wasm-encoder"
-version = "0.41.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "972f97a5d8318f908dded23594188a90bcd09365986b1163e66d70170e5287ae"
-dependencies = [
- "leb128",
-]
-
 [[package]]
 name = "wasm-encoder"
 version = "0.202.0"
@ -4914,9 +4899,9 @@ dependencies = [

 [[package]]
 name = "wasmparser"
-version = "0.121.2"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9dbe55c8f9d0dbd25d9447a5a889ff90c0cc3feaa7395310d3d826b2c703eaab"
+checksum = "d6998515d3cf3f8b980ef7c11b29a9b1017d4cf86b99ae93b546992df9931413"
 dependencies = [
 "bitflags 2.5.0",
 "indexmap 2.2.6",
@ -4925,19 +4910,19 @@ dependencies = [

 [[package]]
 name = "wasmprinter"
-version = "0.2.80"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "60e73986a6b7fdfedb7c5bf9e7eb71135486507c8fbc4c0c42cffcb6532988b7"
+checksum = "ab1cc9508685eef9502e787f4d4123745f5651a1e29aec047645d3cac1e2da7a"
 dependencies = [
 "anyhow",
- "wasmparser 0.121.2",
+ "wasmparser 0.202.0",
 ]

 [[package]]
 name = "wasmtime"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8106d7d22d63d1bcb940e22dcc7b03e46f0fc8bfbaf2fd7b6cb8f448f9449774"
+checksum = "5a5990663c28d81015ddbb02a068ac1bf396a4ea296eba7125b2dfc7c00cb52e"
 dependencies = [
 "addr2line",
 "anyhow",
@ -4952,17 +4937,18 @@ dependencies = [
 "ittapi",
 "libc",
 "log",
- "object",
+ "object 0.33.0",
 "once_cell",
 "paste",
 "rayon",
 "rustix",
+ "semver 1.0.22",
 "serde",
 "serde_derive",
 "serde_json",
 "target-lexicon",
- "wasm-encoder 0.41.2",
- "wasmparser 0.121.2",
+ "wasm-encoder",
+ "wasmparser 0.202.0",
 "wasmtime-cache",
 "wasmtime-component-macro",
 "wasmtime-component-util",
@ -4972,6 +4958,7 @@ dependencies = [
 "wasmtime-jit-debug",
 "wasmtime-jit-icache-coherence",
 "wasmtime-runtime",
+ "wasmtime-slab",
 "wasmtime-winch",
 "wat",
 "windows-sys 0.52.0",
@ -4979,18 +4966,18 @@ dependencies = [

 [[package]]
 name = "wasmtime-asm-macros"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b0cf02cea951ace34ee3b0e64b7f446c3519d1c95ad75bc5330f405e275ee8f"
+checksum = "625ee94c72004f3ea0228989c9506596e469517d7d0ed66f7300d1067bdf1ca9"
 dependencies = [
 "cfg-if",
 ]

 [[package]]
 name = "wasmtime-cache"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3249204a71d728d53fb3eea18afd0473f87e520445707a4d567ac4da0bb3eb5d"
+checksum = "98534bf28de232299e83eab33984a7a6c40c69534d6bd0ea216150b63d41a83a"
 dependencies = [
 "anyhow",
 "base64",
@ -5001,16 +4988,16 @@ dependencies = [
 "serde",
 "serde_derive",
 "sha2",
- "toml 0.5.11",
+ "toml 0.8.12",
 "windows-sys 0.52.0",
 "zstd",
 ]

 [[package]]
 name = "wasmtime-component-macro"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d3786c0531565ec6c9852c0e46299f06cb6e4b58d36e30f3c234cfa69bde376"
+checksum = "64f84414a25ee3a624c8b77550f3fe7b5d8145bd3405ca58886ee6900abb6dc2"
 dependencies = [
 "anyhow",
 "proc-macro2",
@ -5023,72 +5010,55 @@ dependencies = [

 [[package]]
 name = "wasmtime-component-util"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81eae2ec98027ee0b3950da83bc320120a23087ac4d39b3d59201cb5ebf52777"
+checksum = "78580bdb4e04c7da3bf98088559ca1d29382668536e4d5c7f2f966d79c390307"

 [[package]]
 name = "wasmtime-cranelift"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "595abdb067acdc812ab0f21d8d46d5aa4022392aa7c3e0632c20bff9ec49ffb4"
+checksum = "b60df0ee08c6a536c765f69e9e8205273435b66d02dd401e938769a2622a6c1a"
 dependencies = [
 "anyhow",
 "cfg-if",
- "cranelift-codegen 0.105.3",
+ "cranelift-codegen 0.107.0",
 "cranelift-control",
- "cranelift-entity 0.105.3",
- "cranelift-frontend 0.105.3",
+ "cranelift-entity 0.107.0",
+ "cranelift-frontend 0.107.0",
 "cranelift-native",
 "cranelift-wasm",
 "gimli 0.28.1",
 "log",
- "object",
+ "object 0.33.0",
 "target-lexicon",
 "thiserror",
- "wasmparser 0.121.2",
- "wasmtime-cranelift-shared",
+ "wasmparser 0.202.0",
 "wasmtime-environ",
 "wasmtime-versioned-export-macros",
 ]

-[[package]]
-name = "wasmtime-cranelift-shared"
-version = "18.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8c24c1fdea167b992d82ebe76471fd1cbe7b0b406bc72f9250f86353000134e"
-dependencies = [
- "anyhow",
- "cranelift-codegen 0.105.3",
- "cranelift-control",
- "cranelift-native",
- "gimli 0.28.1",
- "object",
- "target-lexicon",
- "wasmtime-environ",
-]
-
 [[package]]
 name = "wasmtime-environ"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3279d510005358141550d8a90a5fc989d7e81748e5759d582fe6bfdcbf074a04"
+checksum = "64ffc1613db69ee47c96738861534f9a405e422a5aa00224fbf5d410b03fb445"
 dependencies = [
 "anyhow",
 "bincode",
 "cpp_demangle",
- "cranelift-entity 0.105.3",
+ "cranelift-entity 0.107.0",
 "gimli 0.28.1",
 "indexmap 2.2.6",
 "log",
- "object",
+ "object 0.33.0",
 "rustc-demangle",
 "serde",
 "serde_derive",
 "target-lexicon",
 "thiserror",
- "wasm-encoder 0.41.2",
- "wasmparser 0.121.2",
+ "wasm-encoder",
+ "wasmparser 0.202.0",
 "wasmprinter",
 "wasmtime-component-util",
 "wasmtime-types",
@ -5096,9 +5066,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-fiber"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b1df665f2117741d1265f5663b0d93068b18120c2c4b18b9faed49d00d92c31"
+checksum = "f043514a23792761c5765f8ba61a4aa7d67f260c0c37494caabceb41d8ae81de"
 dependencies = [
 "anyhow",
 "cc",
@ -5111,11 +5081,11 @@ dependencies = [

 [[package]]
 name = "wasmtime-jit-debug"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "63f307739370736e5b0cd2b45910ff96bcda6d5d68b2c4384bcedb0af4f3b321"
+checksum = "9c0ca2ad8f5d2b37f507ef1c935687a690e84e9f325f5a2af9639440b43c1f0e"
 dependencies = [
- "object",
+ "object 0.33.0",
 "once_cell",
 "rustix",
 "wasmtime-versioned-export-macros",
@ -5123,9 +5093,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-jit-icache-coherence"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "866634605089b4632b32226b54aa3670d72e1849f9fc425c7e50b3749c2e6df3"
+checksum = "7a9f93a3289057b26dc75eb84d6e60d7694f7d169c7c09597495de6e016a13ff"
 dependencies = [
 "cfg-if",
 "libc",
@ -5134,9 +5104,9 @@ dependencies = [

 [[package]]
 name = "wasmtime-runtime"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e11185c88cadf595d228f5ae4ff9b4badbf9ca98dcb37b0310c36e31fa74867f"
+checksum = "c6332a2b0af4224c3ea57c857ad39acd2780ccc2b0c99ba1baa01864d90d7c94"
 dependencies = [
 "anyhow",
 "cc",
@ -5145,102 +5115,75 @@ dependencies = [
 "indexmap 2.2.6",
 "libc",
 "log",
- "mach",
+ "mach2",
 "memfd",
 "memoffset 0.9.1",
 "paste",
 "psm",
 "rustix",
 "sptr",
- "wasm-encoder 0.41.2",
+ "wasm-encoder",
 "wasmtime-asm-macros",
 "wasmtime-environ",
 "wasmtime-fiber",
 "wasmtime-jit-debug",
+ "wasmtime-slab",
 "wasmtime-versioned-export-macros",
- "wasmtime-wmemcheck",
 "windows-sys 0.52.0",
 ]

 [[package]]
-name = "wasmtime-types"
-version = "18.0.3"
+name = "wasmtime-slab"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f32377cbd827bee06fcb2f6bf97b0477fdcc86888bbe6db7b9cab8e644082e0a"
+checksum = "8b3655075824a374c536a2b2cc9283bb765fcdf3d58b58587862c48571ad81ef"
+
+[[package]]
+name = "wasmtime-types"
+version = "20.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b98cf64a242b0b9257604181ca28b28a5fcaa4c9ea1d396f76d1d2d1c5b40eef"
 dependencies = [
- "cranelift-entity 0.105.3",
+ "cranelift-entity 0.107.0",
 "serde",
 "serde_derive",
 "thiserror",
- "wasmparser 0.121.2",
+ "wasmparser 0.202.0",
 ]

 [[package]]
 name = "wasmtime-versioned-export-macros"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ab8d7566d206c42f8cf1d4ac90c5e40d3582e8eabad9b3b67e9e73c61fc47a1"
+checksum = "8561d9e2920db2a175213d557d71c2ac7695831ab472bbfafb9060cd1034684f"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn 2.0.58",
 ]

-[[package]]
-name = "wasmtime-wasi"
-version = "18.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ca912bda309188bd25ab7652c6654b34aacdf43047c716ee1cb685a28079078"
-dependencies = [
- "anyhow",
- "async-trait",
- "bitflags 2.5.0",
- "bytes",
- "cap-fs-ext",
- "cap-net-ext",
- "cap-rand",
- "cap-std",
- "cap-time-ext",
- "fs-set-times",
- "futures",
- "io-extras",
- "io-lifetimes",
- "log",
- "once_cell",
- "rustix",
- "system-interface",
- "thiserror",
- "tokio",
- "tracing",
- "url",
- "wasi-common",
- "wasmtime",
- "wiggle",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "wasmtime-winch"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba5a97bfccc241d1769cef75eb16f472a893982704d5f3c9c71c431c1484344a"
+checksum = "a06b573d14ac846a0fb8c541d8fca6a64acf9a1d176176982472274ab1d2fa5d"
 dependencies = [
 "anyhow",
- "cranelift-codegen 0.105.3",
+ "cranelift-codegen 0.107.0",
 "gimli 0.28.1",
- "object",
+ "object 0.33.0",
 "target-lexicon",
- "wasmparser 0.121.2",
- "wasmtime-cranelift-shared",
+ "wasmparser 0.202.0",
+ "wasmtime-cranelift",
 "wasmtime-environ",
 "winch-codegen",
 ]

 [[package]]
 name = "wasmtime-wit-bindgen"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "faf2c76781a27e07802669f6f0e11eb4441546407eb65be60c3d862200988b92"
+checksum = "595bc7bb3b0ff4aa00fab718c323ea552c3034d77abc821a35112552f2ea487a"
 dependencies = [
 "anyhow",
 "heck 0.4.1",
@ -5248,12 +5191,6 @@ dependencies = [
 "wit-parser",
 ]

-[[package]]
-name = "wasmtime-wmemcheck"
-version = "18.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3847d969bd203b8cd239f89581e52432a0f00b8c5c9bc917be2fccd7542c4f2f"
-
 [[package]]
 name = "wast"
 version = "35.0.2"
@ -5273,7 +5210,7 @@ dependencies = [
 "leb128",
 "memchr",
 "unicode-width",
- "wasm-encoder 0.202.0",
+ "wasm-encoder",
 ]

 [[package]]
@ -5365,9 +5302,9 @@ dependencies = [

 [[package]]
 name = "wiggle"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a7ecd6e1ffba1278cfd24a001a13da11d86801e0ad9342f11a370ce0df50e14"
+checksum = "1b6552dda951239e219c329e5a768393664e8d120c5e0818487ac2633f173b1f"
 dependencies = [
 "anyhow",
 "async-trait",
@ -5380,9 +5317,9 @@ dependencies = [

 [[package]]
 name = "wiggle-generate"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c5490497a35d67040d4f2fd2491fbcad6dd225c5bd24681c2cd52a2f40a55ce"
+checksum = "da64cb31e0bfe8b1d2d13956ef9fd5c77545756a1a6ef0e6cfd44e8f1f207aed"
 dependencies = [
 "anyhow",
 "heck 0.4.1",
@ -5395,9 +5332,9 @@ dependencies = [

 [[package]]
 name = "wiggle-macro"
-version = "18.0.3"
+version = "20.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d83f31d1c1a0d87842f1a2bf40bd230e25ba790c450f0d0ddb84524fd6955958"
+checksum = "900b2416ef2ff2903ded6cf55d4a941fed601bf56a8c4874856d7a77c1891994"
 dependencies = [
 "proc-macro2",
 "quote",
@ -5438,17 +5375,18 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"

 [[package]]
 name = "winch-codegen"
-version = "0.16.3"
+version = "0.18.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e0bd4d6cac8d69525d475d0ce1e0801eb6f314d42e764a52bd497ed3cb9c371"
+checksum = "fb23450977f9d4a23c02439cf6899340b2d68887b19465c5682740d9cc37d52e"
 dependencies = [
 "anyhow",
- "cranelift-codegen 0.105.3",
+ "cranelift-codegen 0.107.0",
 "gimli 0.28.1",
 "regalloc2 0.9.3",
 "smallvec",
 "target-lexicon",
- "wasmparser 0.121.2",
+ "wasmparser 0.202.0",
+ "wasmtime-cranelift",
 "wasmtime-environ",
 ]

@ -5682,9 +5620,9 @@ dependencies = [

 [[package]]
 name = "wit-parser"
-version = "0.13.2"
+version = "0.202.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "316b36a9f0005f5aa4b03c39bc3728d045df136f8c13a73b7db4510dec725e08"
+checksum = "744237b488352f4f27bca05a10acb79474415951c450e52ebd0da784c1df2bcc"
 dependencies = [
 "anyhow",
 "id-arena",
@ -5695,6 +5633,7 @@ dependencies = [
 "serde_derive",
 "serde_json",
 "unicode-xid",
+ "wasmparser 0.202.0",
 ]

 [[package]]
@ -5764,11 +5703,11 @@ dependencies = [
 "tracing-journald",
 "tracing-subscriber",
 "vergen",
+ "wasi-common",
 "wasmedge-sdk",
 "wasmer",
 "wasmer-wasix",
 "wasmtime",
- "wasmtime-wasi",
 ]

 [[package]]
@ -5793,20 +5732,19 @@ dependencies = [

 [[package]]
 name = "zstd"
-version = "0.11.2+zstd.1.5.2"
+version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20cc960326ece64f010d2d2107537f26dc589a6573a316bd5b1dba685fa5fde4"
+checksum = "2d789b1514203a1120ad2429eae43a7bd32b90976a7bb8a05f7ec02fa88cc23a"
 dependencies = [
 "zstd-safe",
 ]

 [[package]]
 name = "zstd-safe"
-version = "5.0.2+zstd.1.5.2"
+version = "7.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d2a5585e04f9eea4b2a3d1eca508c4dee9592a89ef6f450c11719da0726f4db"
+checksum = "1cd99b45c6bc03a018c8b8a86025678c87e55526064e38f9df301989dce7ec0a"
 dependencies = [
- "libc",
 "zstd-sys",
 ]

--- a/Cross.toml
+++ b/Cross.toml
@ -1,5 +1,6 @@
 [build]
 default-target = "x86_64-unknown-linux-gnu"
+env.passthrough = ["XDG_RUNTIME_DIR"]

 [target.aarch64-unknown-linux-gnu]
 dockerfile = "cross/Dockerfile.gnu"
--- a/crates/libcgroups/Cargo.toml
+++ b/crates/libcgroups/Cargo.toml
@ -29,7 +29,7 @@ rbpf = { version = "0.2.0", optional = true }
 libbpf-sys = { version = "1.4.0", optional = true }
 errno = { version = "0.3.8", optional = true }
 libc = { version = "0.2.153", optional = true }
-thiserror = "1.0.58"
+thiserror = "1.0.59"
 tracing = { version = "0.1.40", features = ["attributes"] }

 [dev-dependencies]
@ -41,5 +41,5 @@ clap = "4.1.6"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 env_logger = "0.11"
-serial_test = "3.0.0"
+serial_test = "3.1.0"
 tempfile = "3"
--- a/crates/libcgroups/src/systemd/dbus_native/client.rs
+++ b/crates/libcgroups/src/systemd/dbus_native/client.rs
@ -26,4 +26,11 @@ pub trait SystemdClient {
    fn systemd_version(&self) -> Result<u32, SystemdClientError>;

    fn control_cgroup_root(&self) -> Result<PathBuf, SystemdClientError>;
+
+    fn add_process_to_unit(
+        &self,
+        unit_name: &str,
+        subcgroup: &str,
+        pid: u32,
+    ) -> Result<(), SystemdClientError>;
 }
--- a/crates/libcgroups/src/systemd/dbus_native/dbus.rs
+++ b/crates/libcgroups/src/systemd/dbus_native/dbus.rs
@ -453,6 +453,10 @@ impl SystemdClient for DbusConnection {
        let cgroup_root = proxy.control_group()?;
        Ok(PathBuf::from(&cgroup_root))
    }
+    fn add_process_to_unit(&self, unit_name: &str, subcgroup: &str, pid: u32) -> Result<()> {
+        let proxy = self.create_proxy();
+        proxy.attach_process(unit_name, subcgroup, pid)
+    }
 }

 #[cfg(test)]
--- a/crates/libcgroups/src/systemd/dbus_native/proxy.rs
+++ b/crates/libcgroups/src/systemd/dbus_native/proxy.rs
@ -239,4 +239,11 @@ impl<'conn> Proxy<'conn> {
            v => panic!("control group expected string variant, got {:?} instead", v),
        }
    }
+    pub fn attach_process(&self, name: &str, cgroup: &str, pid: u32) -> Result<()> {
+        self.method_call::<_, ()>(
+            "org.freedesktop.systemd1.Manager",
+            "AttachProcessesToUnit",
+            Some((name, cgroup, vec![pid])),
+        )
+    }
 }
--- a/crates/libcgroups/src/systemd/manager.rs
+++ b/crates/libcgroups/src/systemd/manager.rs
@ -353,6 +353,12 @@ impl CgroupManager for Manager {
        if pid.as_raw() == -1 {
            return Ok(());
        }
+        if self.client.transient_unit_exists(&self.unit_name) {
+            tracing::debug!("Transient unit {:?} already exists", self.unit_name);
+            self.client
+                .add_process_to_unit(&self.unit_name, "", pid.as_raw() as u32)?;
+            return Ok(());
+        }

        tracing::debug!("Starting {:?}", self.unit_name);
        self.client.start_transient_unit(
@ -430,8 +436,11 @@ mod tests {
    use anyhow::{Context, Result};

    use super::*;
-    use crate::systemd::dbus_native::{
-        client::SystemdClient, serialize::Variant, utils::SystemdClientError,
+    use crate::{
+        common::DEFAULT_CGROUP_ROOT,
+        systemd::dbus_native::{
+            client::SystemdClient, serialize::Variant, utils::SystemdClientError,
+        },
    };

    struct TestSystemdClient {}
@ -474,6 +483,15 @@ mod tests {
        fn control_cgroup_root(&self) -> Result<PathBuf, SystemdClientError> {
            Ok(PathBuf::from("/"))
        }
+
+        fn add_process_to_unit(
+            &self,
+            _unit_name: &str,
+            _subcgroup: &str,
+            _pid: u32,
+        ) -> Result<(), SystemdClientError> {
+            Ok(())
+        }
    }

    #[test]
@ -528,4 +546,36 @@ mod tests {

        Ok(())
    }
+    #[test]
+    fn test_task_addition() {
+        let manager = Manager::new(
+            DEFAULT_CGROUP_ROOT.into(),
+            ":youki:test".into(),
+            "youki_test_container".into(),
+            false,
+        )
+        .unwrap();
+        let mut p1 = std::process::Command::new("sleep")
+            .arg("1s")
+            .spawn()
+            .unwrap();
+        let p1_id = nix::unistd::Pid::from_raw(p1.id() as i32);
+        let mut p2 = std::process::Command::new("sleep")
+            .arg("1s")
+            .spawn()
+            .unwrap();
+        let p2_id = nix::unistd::Pid::from_raw(p2.id() as i32);
+        manager.add_task(p1_id).unwrap();
+        manager.add_task(p2_id).unwrap();
+        let all_pids = manager.get_all_pids().unwrap();
+        assert!(all_pids.contains(&p1_id));
+        assert!(all_pids.contains(&p2_id));
+        // wait till both processes are finished so we can cleanup the cgroup
+        let _ = p1.wait();
+        let _ = p2.wait();
+        manager.remove().unwrap();
+        // the remove call above should remove the dir, we just do this again
+        // for contingency, and thus ignore the result
+        let _ = fs::remove_dir(&manager.full_path);
+    }
 }
--- a/crates/libcgroups/src/v2/manager.rs
+++ b/crates/libcgroups/src/v2/manager.rs
@ -151,6 +151,10 @@ impl CgroupManager for Manager {
    type Error = V2ManagerError;

    fn add_task(&self, pid: Pid) -> Result<(), Self::Error> {
+        if self.full_path.exists() {
+            common::write_cgroup_file(self.full_path.join(CGROUP_PROCS), pid)?;
+            return Ok(());
+        }
        self.create_unified_cgroup(pid)?;
        Ok(())
    }
--- a/crates/libcontainer/Cargo.toml
+++ b/crates/libcontainer/Cargo.toml
@ -50,7 +50,7 @@ serde_json = "1.0"
 rust-criu = "0.4.0"
 protobuf = "= 3.2.0" # https://github.com/checkpoint-restore/rust-criu/issues/19
 regex = "1.10.4"
-thiserror = "1.0.58"
+thiserror = "1.0.59"
 tracing = { version = "0.1.40", features = ["attributes"] }
 safe-path = "0.1.0"
 nc = "0.8.20"
@ -58,7 +58,7 @@ nc = "0.8.20"
 [dev-dependencies]
 oci-spec = { version = "~0.6.4", features = ["proptests", "runtime"] }
 quickcheck = "1"
-serial_test = "3.0.0"
+serial_test = "3.1.0"
 tempfile = "3"
 anyhow = "1.0"
 rand = { version = "0.8.5" }
--- a/crates/libcontainer/src/config.rs
+++ b/crates/libcontainer/src/config.rs
@ -47,7 +47,7 @@ pub struct YoukiConfig {
 }

 impl<'a> YoukiConfig {
-    pub fn from_spec(spec: &'a Spec, container_id: &str, new_user_ns: bool) -> Result<Self> {
+    pub fn from_spec(spec: &'a Spec, container_id: &str) -> Result<Self> {
        Ok(YoukiConfig {
            hooks: spec.hooks().clone(),
            cgroup_path: utils::get_cgroup_path(
@ -56,7 +56,6 @@ impl<'a> YoukiConfig {
                    .ok_or(ConfigError::MissingLinux)?
                    .cgroups_path(),
                container_id,
-                new_user_ns,
            ),
        })
    }
@ -106,10 +105,13 @@ mod tests {
    fn test_config_from_spec() -> Result<()> {
        let container_id = "sample";
        let spec = Spec::default();
-        let config = YoukiConfig::from_spec(&spec, container_id, false)?;
+        let config = YoukiConfig::from_spec(&spec, container_id)?;
        assert_eq!(&config.hooks, spec.hooks());
        dbg!(&config.cgroup_path);
-        assert_eq!(config.cgroup_path, PathBuf::from(container_id));
+        assert_eq!(
+            config.cgroup_path,
+            PathBuf::from(format!(":youki:{container_id}"))
+        );
        Ok(())
    }

@ -118,7 +120,7 @@ mod tests {
        let container_id = "sample";
        let tmp = tempfile::tempdir().expect("create temp dir");
        let spec = Spec::default();
-        let config = YoukiConfig::from_spec(&spec, container_id, false)?;
+        let config = YoukiConfig::from_spec(&spec, container_id)?;
        config.save(&tmp)?;
        let act = YoukiConfig::load(&tmp)?;
        assert_eq!(act, config);
--- a/crates/libcontainer/src/container/builder_impl.rs
+++ b/crates/libcontainer/src/container/builder_impl.rs
@ -68,11 +68,7 @@ impl ContainerBuilderImpl {

    fn run_container(&mut self) -> Result<Pid, LibcontainerError> {
        let linux = self.spec.linux().as_ref().ok_or(MissingSpecError::Linux)?;
-        let cgroups_path = utils::get_cgroup_path(
-            linux.cgroups_path(),
-            &self.container_id,
-            self.user_ns_config.is_some(),
-        );
+        let cgroups_path = utils::get_cgroup_path(linux.cgroups_path(), &self.container_id);
        let cgroup_config = libcgroups::common::CgroupConfig {
            cgroup_path: cgroups_path,
            systemd_cgroup: self.use_systemd || self.user_ns_config.is_some(),
@ -186,11 +182,7 @@ impl ContainerBuilderImpl {

    fn cleanup_container(&self) -> Result<(), LibcontainerError> {
        let linux = self.spec.linux().as_ref().ok_or(MissingSpecError::Linux)?;
-        let cgroups_path = utils::get_cgroup_path(
-            linux.cgroups_path(),
-            &self.container_id,
-            self.user_ns_config.is_some(),
-        );
+        let cgroups_path = utils::get_cgroup_path(linux.cgroups_path(), &self.container_id);
        let cmanager =
            libcgroups::common::create_cgroup_manager(libcgroups::common::CgroupConfig {
                cgroup_path: cgroups_path,
--- a/crates/libcontainer/src/container/container.rs
+++ b/crates/libcontainer/src/container/container.rs
@ -332,8 +332,7 @@ mod tests {
        let tmp_dir = tempfile::tempdir().unwrap();
        use oci_spec::runtime::Spec;
        let spec = Spec::default();
-        let config =
-            YoukiConfig::from_spec(&spec, "123", false).context("convert spec to config")?;
+        let config = YoukiConfig::from_spec(&spec, "123").context("convert spec to config")?;
        config.save(tmp_dir.path()).context("save config")?;

        let container = Container {
--- a/crates/libcontainer/src/container/init_builder.rs
+++ b/crates/libcontainer/src/container/init_builder.rs
@ -88,7 +88,7 @@ impl InitContainerBuilder {

        let user_ns_config = UserNamespaceConfig::new(&spec)?;

-        let config = YoukiConfig::from_spec(&spec, container.id(), user_ns_config.is_some())?;
+        let config = YoukiConfig::from_spec(&spec, container.id())?;
        config.save(&container_dir).map_err(|err| {
            tracing::error!(?container_dir, "failed to save config: {}", err);
            err
--- a/crates/libcontainer/src/container/tenant_builder.rs
+++ b/crates/libcontainer/src/container/tenant_builder.rs
@ -327,9 +327,17 @@ impl TenantContainerBuilder {

        let init_process = procfs::process::Process::new(container_pid.as_raw())?;
        let ns = self.get_namespaces(init_process.namespaces()?.0)?;
-        let linux = LinuxBuilder::default().namespaces(ns).build()?;

+        // it should never be the case that linux is not present in spec
+        let spec_linux = spec.linux().as_ref().unwrap();
+        let mut linux_builder = LinuxBuilder::default().namespaces(ns);
+
+        if let Some(ref cgroup_path) = spec_linux.cgroups_path() {
+            linux_builder = linux_builder.cgroups_path(cgroup_path.clone());
+        }
+        let linux = linux_builder.build()?;
        spec.set_process(Some(process)).set_linux(Some(linux));
+
        Ok(())
    }

--- a/crates/libcontainer/src/tty.rs
+++ b/crates/libcontainer/src/tty.rs
@ -224,12 +224,25 @@ mod tests {
    #[serial]
    fn test_setup_console() {
        let init = setup();
+        // duplicate the existing std* fds
+        // we need to restore them later, and we cannot simply store them
+        // as they themselves get modified in setup_console
+        let old_stdin: RawFd = nix::unistd::dup(StdIO::Stdin.into()).unwrap();
+        let old_stdout: RawFd = nix::unistd::dup(StdIO::Stdout.into()).unwrap();
+        let old_stderr: RawFd = nix::unistd::dup(StdIO::Stderr.into()).unwrap();
+
        assert!(init.is_ok());
        let (testdir, rundir_path, socket_path) = init.unwrap();
        let lis = UnixListener::bind(Path::join(testdir.path(), "console-socket"));
        assert!(lis.is_ok());
        let fd = setup_console_socket(&rundir_path, &socket_path, CONSOLE_SOCKET);
        let status = setup_console(&fd.unwrap());
+
+        // restore the original std* before doing final assert
+        dup2(old_stdin, StdIO::Stdin.into()).unwrap();
+        dup2(old_stdout, StdIO::Stdout.into()).unwrap();
+        dup2(old_stderr, StdIO::Stderr.into()).unwrap();
+
        assert!(status.is_ok());
    }
 }
--- a/crates/libcontainer/src/utils.rs
+++ b/crates/libcontainer/src/utils.rs
@ -147,17 +147,10 @@ pub fn get_user_home(uid: u32) -> Option<PathBuf> {
 }

 /// If None, it will generate a default path for cgroups.
-pub fn get_cgroup_path(
-    cgroups_path: &Option<PathBuf>,
-    container_id: &str,
-    new_user_ns: bool,
-) -> PathBuf {
+pub fn get_cgroup_path(cgroups_path: &Option<PathBuf>, container_id: &str) -> PathBuf {
    match cgroups_path {
        Some(cpath) => cpath.clone(),
-        None => match new_user_ns {
-            false => PathBuf::from(container_id),
-            true => PathBuf::from(format!(":youki:{container_id}")),
-        },
+        None => PathBuf::from(format!(":youki:{container_id}")),
    }
 }

@ -323,11 +316,11 @@ mod tests {
    fn test_get_cgroup_path() {
        let cid = "sample_container_id";
        assert_eq!(
-            get_cgroup_path(&None, cid, false),
-            PathBuf::from("sample_container_id")
+            get_cgroup_path(&None, cid),
+            PathBuf::from(":youki:sample_container_id")
        );
        assert_eq!(
-            get_cgroup_path(&Some(PathBuf::from("/youki")), cid, false),
+            get_cgroup_path(&Some(PathBuf::from("/youki")), cid),
            PathBuf::from("/youki")
        );
    }
--- a/crates/youki/Cargo.toml
+++ b/crates/youki/Cargo.toml
@ -19,7 +19,7 @@ cgroupsv2_devices = ["libcgroups/cgroupsv2_devices", "libcontainer/cgroupsv2_dev

 wasm-wasmer = ["wasmer", "wasmer-wasix"]
 wasm-wasmedge = ["wasmedge-sdk/standalone", "wasmedge-sdk/static"]
-wasm-wasmtime = ["wasmtime", "wasmtime-wasi"]
+wasm-wasmtime = ["wasmtime", "wasi-common"]

 [dependencies.clap]
 version = "4.1.6"
@ -44,14 +44,14 @@ caps = "0.5.5"
 wasmer = { version = "4.0.0", optional = true }
 wasmer-wasix = { version = "0.9.0", optional = true }
 wasmedge-sdk = { version = "0.13.2", optional = true }
-wasmtime = { version = "18.0.3", optional = true }
-wasmtime-wasi = { version = "18.0.3", optional = true }
+wasmtime = { version = "20.0.0", optional = true }
+wasi-common = { version = "20.0.0", optional = true }
 tracing = { version = "0.1.40", features = ["attributes"] }
 tracing-subscriber = { version = "0.3.18", features = ["json", "env-filter"] }
 tracing-journald = "0.3.0"

 [dev-dependencies]
-serial_test = "3.0.0"
+serial_test = "3.1.0"
 tempfile = "3"
 scopeguard = "1.2.0"

--- a/crates/youki/src/commands/features.rs
+++ b/crates/youki/src/commands/features.rs
@ -1,8 +1,276 @@
 //! Contains Functionality of `features` container command
 use anyhow::Result;
+use caps::{all, CapSet};
 use liboci_cli::Features;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::path::Path;
+
+pub const ANNOTATION_RUNC_VERSION: &str = "org.opencontainers.runc.version";
+pub const ANNOTATION_RUNC_COMMIT: &str = "org.opencontainers.runc.commit";
+pub const ANNOTATION_RUNC_CHECKPOINT_ENABLED: &str = "org.opencontainers.runc.checkpoint.enabled";
+pub const ANNOTATION_LIBSECCOMP_VERSION: &str = "io.github.seccomp.libseccomp.version";
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct HardFeatures {
+    // Minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0".
+    oci_version_min: Option<String>,
+    // Maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev".
+    oci_version_max: Option<String>,
+    // List of the recognized hook names, e.g., "createRuntime".
+    hooks: Option<Vec<String>>,
+    // List of the recognized mount options, e.g., "ro".
+    mount_options: Option<Vec<String>>,
+    // Specific to Linux.
+    linux: Option<Linux>,
+    // Contains implementation-specific annotation strings.
+    annotations: Option<std::collections::HashMap<String, String>>,
+}
+
+// Specific to Linux.
+#[derive(Debug, Serialize, Deserialize)]
+pub struct Linux {
+    // List of the recognized namespaces, e.g., "mount".
+    namespaces: Option<Vec<String>>,
+    // List of the recognized capabilities, e.g., "CAP_SYS_ADMIN".
+    capabilities: Option<Vec<String>>,
+    cgroup: Option<Cgroup>,
+    seccomp: Option<Seccomp>,
+    apparmor: Option<Apparmor>,
+    selinux: Option<Selinux>,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Seccomp {
+    enabled: Option<bool>,
+    actions: Option<Vec<String>>,
+    operators: Option<Vec<String>>,
+    archs: Option<Vec<String>>,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Apparmor {
+    enabled: Option<bool>,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Selinux {
+    enabled: Option<bool>,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct Cgroup {
+    v1: Option<bool>,
+    v2: Option<bool>,
+    systemd: Option<bool>,
+    systemd_user: Option<bool>,
+}
+
+// Function to query and return capabilities
+fn query_caps() -> Result<Vec<String>> {
+    let mut available_caps = Vec::new();
+
+    for cap in all() {
+        // Check if the capability is in the permitted set
+        if caps::has_cap(None, CapSet::Permitted, cap).unwrap_or(false) {
+            available_caps.push(format!("{:?}", cap));
+        }
+    }
+
+    Ok(available_caps)
+}
+
+// Function to query and return namespaces
+fn query_supported_namespaces() -> Result<Vec<String>> {
+    let mut supported_namespaces = Vec::new();
+
+    let ns_types = vec!["pid", "net", "uts", "ipc", "mnt", "user", "cgroup", "time"];
+
+    for ns in ns_types {
+        let ns_path = format!("/proc/self/ns/{}", ns);
+        if Path::new(&ns_path).exists() {
+            supported_namespaces.push(ns.to_string());
+        }
+    }
+
+    Ok(supported_namespaces)
+}

 /// lists all existing containers
 pub fn features(_: Features) -> Result<()> {
+    // Query supported namespaces
+    let namespaces = match query_supported_namespaces() {
+        Ok(ns) => ns,
+        Err(e) => {
+            eprintln!("Error querying supported namespaces: {}", e);
+            Vec::new()
+        }
+    };
+
+    // Query available capabilities
+    let capabilities = match query_caps() {
+        Ok(caps) => caps,
+        Err(e) => {
+            eprintln!("Error querying available capabilities: {}", e);
+            Vec::new()
+        }
+    };
+
+    let features = HardFeatures {
+        oci_version_min: Some(String::from("1.0.0")),
+        oci_version_max: Some(String::from("1.0.2-dev")),
+        hooks: Some(vec![
+            String::from("prestart"),
+            String::from("createRuntime"),
+            String::from("createContainer"),
+            String::from("startContainer"),
+            String::from("poststart"),
+            String::from("poststop"),
+        ]),
+        mount_options: Some(vec![
+            String::from("acl"),
+            String::from("async"),
+            String::from("atime"),
+            String::from("bind"),
+            String::from("defaults"),
+            String::from("dev"),
+            String::from("diratime"),
+            String::from("dirsync"),
+            String::from("exec"),
+            String::from("iversion"),
+            String::from("lazytime"),
+            String::from("loud"),
+            String::from("mand"),
+            String::from("noacl"),
+            String::from("noatime"),
+            String::from("nodev"),
+            String::from("nodiratime"),
+            String::from("noexec"),
+            String::from("noiversion"),
+            String::from("nolazytime"),
+            String::from("nomand"),
+            String::from("norelatime"),
+            String::from("nostrictatime"),
+            String::from("nosuid"),
+            String::from("nosymfollow"),
+            String::from("private"),
+            String::from("ratime"),
+            String::from("rbind"),
+            String::from("rdev"),
+            String::from("rdiratime"),
+            String::from("relatime"),
+            String::from("remount"),
+            String::from("rexec"),
+            String::from("rnoatime"),
+            String::from("rnodev"),
+            String::from("rnodiratime"),
+            String::from("rnoexec"),
+            String::from("rnorelatime"),
+            String::from("rnostrictatime"),
+            String::from("rnosuid"),
+            String::from("rnosymfollow"),
+            String::from("ro"),
+            String::from("rprivate"),
+            String::from("rrelatime"),
+            String::from("rro"),
+            String::from("rrw"),
+            String::from("rshared"),
+            String::from("rslave"),
+            String::from("rstrictatime"),
+            String::from("rsuid"),
+            String::from("rsymfollow"),
+            String::from("runbindable"),
+            String::from("rw"),
+            String::from("shared"),
+            String::from("silent"),
+            String::from("slave"),
+            String::from("strictatime"),
+            String::from("suid"),
+            String::from("symfollow"),
+            String::from("sync"),
+            String::from("tmpcopyup"),
+            String::from("unbindable"),
+        ]),
+        linux: Some(Linux {
+            namespaces: Some(namespaces),
+            capabilities: Some(capabilities),
+            cgroup: Some(Cgroup {
+                v1: Some(true),
+                v2: Some(true),
+                systemd: Some(true),
+                systemd_user: Some(true),
+            }),
+            seccomp: Some(Seccomp {
+                enabled: Some(true),
+                actions: Some(vec![
+                    String::from("SCMP_ACT_ALLOW"),
+                    String::from("SCMP_ACT_ERRNO"),
+                    String::from("SCMP_ACT_KILL"),
+                    String::from("SCMP_ACT_KILL_PROCESS"),
+                    String::from("SCMP_ACT_KILL_THREAD"),
+                    String::from("SCMP_ACT_LOG"),
+                    String::from("SCMP_ACT_NOTIFY"),
+                    String::from("SCMP_ACT_TRACE"),
+                    String::from("SCMP_ACT_TRAP"),
+                ]),
+                operators: Some(vec![
+                    String::from("SCMP_CMP_EQ"),
+                    String::from("SCMP_CMP_GE"),
+                    String::from("SCMP_CMP_GT"),
+                    String::from("SCMP_CMP_LE"),
+                    String::from("SCMP_CMP_LT"),
+                    String::from("SCMP_CMP_MASKED_EQ"),
+                    String::from("SCMP_CMP_NE"),
+                ]),
+                archs: Some(vec![
+                    String::from("SCMP_ARCH_AARCH64"),
+                    String::from("SCMP_ARCH_ARM"),
+                    String::from("SCMP_ARCH_MIPS"),
+                    String::from("SCMP_ARCH_MIPS64"),
+                    String::from("SCMP_ARCH_MIPS64N32"),
+                    String::from("SCMP_ARCH_MIPSEL"),
+                    String::from("SCMP_ARCH_MIPSEL64"),
+                    String::from("SCMP_ARCH_MIPSEL64N32"),
+                    String::from("SCMP_ARCH_PPC"),
+                    String::from("SCMP_ARCH_PPC64"),
+                    String::from("SCMP_ARCH_PPC64LE"),
+                    String::from("SCMP_ARCH_RISCV64"),
+                    String::from("SCMP_ARCH_S390"),
+                    String::from("SCMP_ARCH_S390X"),
+                    String::from("SCMP_ARCH_X32"),
+                    String::from("SCMP_ARCH_X86"),
+                    String::from("SCMP_ARCH_X86_64"),
+                ]),
+            }),
+            apparmor: Some(Apparmor {
+                enabled: Some(true),
+            }),
+            selinux: Some(Selinux {
+                enabled: Some(true),
+            }),
+        }),
+        annotations: {
+            let mut annotations_map = HashMap::new();
+            annotations_map.insert(
+                ANNOTATION_LIBSECCOMP_VERSION.to_string(),
+                String::from("2.5.3"),
+            );
+            annotations_map.insert(
+                ANNOTATION_RUNC_CHECKPOINT_ENABLED.to_string(),
+                String::from("true"),
+            );
+            annotations_map.insert(
+                ANNOTATION_RUNC_COMMIT.to_string(),
+                String::from("v1.1.9-0-gccaecfc"),
+            );
+            annotations_map.insert(ANNOTATION_RUNC_VERSION.to_string(), String::from("1.1.9"));
+            Some(annotations_map)
+        },
+    };
+
+    // Print out the created struct to verify
+    let pretty_json_str = serde_json::to_string_pretty(&features)?;
+    println!("{}", pretty_json_str);
+
    Ok(())
 }
--- a/crates/youki/src/workload/wasmtime.rs
+++ b/crates/youki/src/workload/wasmtime.rs
@ -1,6 +1,6 @@
 use libcontainer::oci_spec::runtime::Spec;
-use wasmtime::*;
-use wasmtime_wasi::WasiCtxBuilder;
+use wasi_common::sync::{add_to_linker, WasiCtxBuilder};
+use wasmtime::{Engine, Linker, Module, Store};

 use libcontainer::workload::{Executor, ExecutorError, ExecutorValidationError, EMPTY};

@ -59,7 +59,7 @@ impl Executor for WasmtimeExecutor {
        })?;

        let mut linker = Linker::new(&engine);
-        wasmtime_wasi::add_to_linker(&mut linker, |s| s).map_err(|err| {
+        add_to_linker(&mut linker, |s| s).map_err(|err| {
            tracing::error!(err = ?err, "cannot add wasi context to linker");
            ExecutorError::Other("cannot add wasi context to linker".to_string())
        })?;
--- a/cross/Dockerfile.gnu
+++ b/cross/Dockerfile.gnu
@ -13,3 +13,6 @@ RUN dpkg --add-architecture ${CROSS_DEB_ARCH} && \
    zlib1g-dev:${CROSS_DEB_ARCH} \
    # dependencies to build wasmedge-sys
    libzstd-dev:${CROSS_DEB_ARCH}
+
+COPY hack/busctl.sh /bin/busctl
+RUN chmod +x /bin/busctl
--- a/cross/Dockerfile.musl
+++ b/cross/Dockerfile.musl
@ -22,6 +22,9 @@ ENV LIBSECCOMP_LIB_PATH="${CROSS_SYSROOT}/lib"
 ENV WASMEDGE_DEP_STDCXX_LINK_TYPE="static"
 ENV WASMEDGE_DEP_STDCXX_LIB_PATH="${CROSS_SYSROOT}/lib"

+COPY hack/busctl.sh /bin/busctl
+RUN chmod +x /bin/busctl
+
 # wasmedge-sys (through llvm) needs some symbols defined in libgcc
 RUN mkdir /.cargo && cat <<'EOF' > /.cargo/config.toml
 [target.'cfg(target_env = "musl")']
--- a/experiment/seccomp/src/instruction/arch.rs
+++ b/experiment/seccomp/src/instruction/arch.rs
@ -11,7 +11,7 @@ pub fn gen_validate(arc: &Arch) -> Vec<Instruction> {
    };

    vec![
-        Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, SECCOMP_DATA_ARCH_OFFSET as u32),
+        Instruction::stmt(BPF_LD | BPF_W | BPF_ABS, seccomp_data_arch_offset() as u32),
        Instruction::jump(BPF_JMP | BPF_JEQ | BPF_K, 1, 0, arch),
        Instruction::stmt(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    ]
--- a/experiment/seccomp/src/instruction/consts.rs
+++ b/experiment/seccomp/src/instruction/consts.rs
@ -1,3 +1,5 @@
+use std::{mem::offset_of, os::raw::c_int};
+
 // BPF Instruction classes.
 // See /usr/include/linux/bpf_common.h .
 // Load operation.
@ -56,8 +58,51 @@ pub const AUDIT_ARCH_AARCH64: u32 = 183 | 0x8000_0000 | 0x4000_0000;
 //     __u64 args[6];
 // };
 // ```
-pub const SECCOMP_DATA_ARCH_OFFSET: u8 = 4;
-pub const SECCOMP_DATA_ARGS_OFFSET: u8 = 16;
-pub const SECCOMP_DATA_ARG_SIZE: u8 = 8;
+
+#[repr(C)]
+struct SeccompData {
+    nr: c_int,
+    arch: u32,
+    instruction_pointer: u64,
+    args: [u64; 6],
+}
+
+pub const fn seccomp_data_arch_offset() -> u8 {
+    offset_of!(SeccompData, arch) as u8
+}
+
+pub const fn seccomp_data_arg_size() -> u8 {
+    8
+}
+
+pub const fn seccomp_data_args_offset() -> u8 {
+    offset_of!(SeccompData, args) as u8
+}

 pub const SECCOMP_IOC_MAGIC: u8 = b'!';
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_seccomp_data_arch_offset() {
+        if cfg!(target_arch = "x86_64") {
+            assert_eq!(seccomp_data_arch_offset(), 4);
+        }
+    }
+
+    #[test]
+    fn test_seccomp_data_arg_size_offset() {
+        if cfg!(target_arch = "x86_64") {
+            assert_eq!(seccomp_data_arg_size_offset(), 8);
+        }
+    }
+
+    #[test]
+    fn test_seccomp_data_args_offset() {
+        if cfg!(target_arch = "x86_64") {
+            assert_eq!(seccomp_data_args_offset(), 16);
+        }
+    }
+}
--- a/hack/busctl.sh
+++ b/hack/busctl.sh
@ -0,0 +1,14 @@
+#!/bin/sh
+
+# This hack script is the dummy busctl command used when running tests with cross containers.
+
+# The issue is that we cannot run systemd or dbus inside the test container without a lot 
+# of hacks. For one specific test - test_task_addition, we need to check that the task
+# addition via systemd manager works. We mount the host dbus socket in the test container, so 
+# dbus calls work, but for the initial authentication, we use busctl which needs dbus and systemd
+# to be present and running. So instead of doing all that, we simply run the container with the 
+# actual test running user's uid/gid and here we echo the only relevant line from busctl's 
+# output, using id to get the uid. This is a hack, but less complex than actually setting up
+# and running the systemd+dbus inside the container.
+
+echo "OwnerUID=$(id -u)"
--- a/scripts/cargo.sh
+++ b/scripts/cargo.sh
@ -56,7 +56,11 @@ if [ "$CARGO" == "cross" ]; then

    # mount run to have access to dbus socket.
    # mount /tmp so as shared for test_make_parent_mount_private
-    export CROSS_CONTAINER_OPTS="--privileged -v/run:/run --mount=type=bind,source=/tmp,destination=/tmp,bind-propagation=shared"
+    # Then there are few "hacks" specificallt for test_task_addition
+    # run with user same as the invoking user, so that the dbus is connected with correct user
+    # we want pid ns of host, because we will be connecting to the host dbus, and it needs task pid from host
+    # finally we need to mount the cgroup as read-only, as we need that to check if the tasks are correctly added
+    export CROSS_CONTAINER_OPTS="--privileged --user `id -u`:`id -g` --pid=host -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v/run:/run --mount=type=bind,source=/tmp,destination=/tmp,bind-propagation=shared"
 fi

 if [ "$1" == "--print-target-dir" ]; then
--- a/tests/rootless-tests/run.sh
+++ b/tests/rootless-tests/run.sh
@ -10,9 +10,35 @@ podman rm --force --ignore create-test # remove if existing
 podman create --runtime $runtime --name create-test hello-world
 log=$(podman start -a create-test)
 echo $log | grep "This message shows that your installation appears to be working correctly"
-podman rm create-test
+podman rm --force --ignore create-test

 rand=$(head -c 10 /dev/random | base64)

 log=$(podman run --runtime $runtime fedora echo "$rand")
-echo $log | grep $rand
+echo $log | grep $rand
+
+podman kill exec-test || true # ignore failure for killing
+podman rm --force --ignore exec-test
+podman run -d --runtime $runtime --name exec-test busybox sleep 10m
+
+rand=$(head -c 10 /dev/random | base64)
+
+log=$(podman exec --runtime $runtime exec-test echo "$rand")
+echo $log | grep $rand
+
+CGROUP_SUB_PATH=$(podman inspect exec-test | jq .[0].State.CgroupPath | tr -d "\"")
+CGROUP_PATH="/sys/fs/cgroup$CGROUP_SUB_PATH/cgroup.procs"
+
+# assert we have exactly one process in the cgroup
+test $(cat $CGROUP_PATH | wc -l) -eq 1
+# assert pid match
+test $(cat $CGROUP_PATH) -eq $(podman inspect exec-test | jq .[0].State.Pid)
+
+podman exec -d --runtime $runtime exec-test sleep 5m
+
+# we cannot exactly check the pid of tenant here, instead just check that there are
+# two processes in the same cgroup now
+test $(cat $CGROUP_PATH | wc -l) -eq 2
+
+podman kill exec-test
+podman rm --force --ignore exec-test
Author	SHA1	Message	Date
Darrell Tang	e58ef3894b	Merge `b069ca6005` into `601df9ecd3`	2024-04-27 16:35:13 -04:00
Yashodhan	601df9ecd3	Fix cgroups determination in exec implementation (#2720 ) * Set cgroups path for tenant containers from main container Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Ignore new_user_ns for creating cgroups path Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Remove user_ns param completely Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Add tests in podman rootless for exec Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix add_task implementation for cgroups v2 and systemd Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * minor refactor in tenant builder Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Add unit test for systemd add_task function Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix task addition to properly add tasks via dbus api Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> * Fix cross cotainers for tests running Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com> --------- Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>	2024-04-27 21:49:58 +09:00
dependabot[bot]	cd9bfd8d79	Bump wasmtime and wasi-common from 19.0.2 to 20.0.0 (#2771 ) * Bump wasi-common from 19.0.2 to 20.0.0 Bumps [wasi-common](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasi-common dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump wasmtime from 19.0.2 to 20.0.0 Bumps [wasmtime](https://github.com/bytecodealliance/wasmtime) from 19.0.2 to 20.0.0. - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.2...v20.0.0) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Yashodhan Joshi <yjdoc2@gmail.com>	2024-04-24 05:36:17 +00:00
github-actions[bot]	6422adc681	Merge pull request #2766 from containers/dependabot/cargo/rustls-0.21.11	2024-04-22 05:17:10 +00:00
Yashodhan	f8ccba1eae	Merge pull request #2769 from containers/dependabot/cargo/serial_test-3.1.0 Bump serial_test from 3.0.0 to 3.1.0	2024-04-22 10:45:06 +05:30
github-actions[bot]	6139965e61	Merge pull request #2768 from containers/dependabot/cargo/patch-0895eb5417	2024-04-22 00:55:44 +00:00
dependabot[bot]	4046ed54e1	Bump serial_test from 3.0.0 to 3.1.0 Bumps [serial_test](https://github.com/palfrey/serial_test) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/palfrey/serial_test/releases) - [Commits](https://github.com/palfrey/serial_test/compare/v3.0.0...v3.1.0) --- updated-dependencies: - dependency-name: serial_test dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-22 00:46:24 +00:00
dependabot[bot]	1d109fe115	Bump thiserror from 1.0.58 to 1.0.59 in the patch group Bumps the patch group with 1 update: [thiserror](https://github.com/dtolnay/thiserror). Updates `thiserror` from 1.0.58 to 1.0.59 - [Release notes](https://github.com/dtolnay/thiserror/releases) - [Commits](https://github.com/dtolnay/thiserror/compare/1.0.58...1.0.59) --- updated-dependencies: - dependency-name: thiserror dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-22 00:45:31 +00:00
dependabot[bot]	d64d9b3bcd	Bump rustls from 0.21.10 to 0.21.11 Bumps [rustls](https://github.com/rustls/rustls) from 0.21.10 to 0.21.11. - [Release notes](https://github.com/rustls/rustls/releases) - [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md) - [Commits](https://github.com/rustls/rustls/compare/v/0.21.10...v/0.21.11) --- updated-dependencies: - dependency-name: rustls dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-19 19:50:27 +00:00
Toru Komatsu	32e021e1e9	seccomp: Use offset_of! (#2763 ) * seccomp: Use offset_of! Signed-off-by: utam0k <k0ma@utam0k.jp> * Update experiment/seccomp/src/instruction/consts.rs Co-authored-by: Yashodhan <54112038+YJDoc2@users.noreply.github.com> --------- Signed-off-by: utam0k <k0ma@utam0k.jp> Co-authored-by: Yashodhan <54112038+YJDoc2@users.noreply.github.com>	2024-04-18 18:01:14 +05:30
github-actions[bot]	aa9ef54caa	Merge pull request #2765 from containers/dependabot/cargo/patch-35db3952d5	2024-04-18 04:33:45 +00:00
Yashodhan	79f08be664	reset console sockets to original in setup_console test (#2764 ) This way the test logs and failed test stack does not get lost due to setup console being set to different file. Fixes #150 Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>	2024-04-17 20:57:16 -07:00
dependabot[bot]	1a0cd33cdf	Bump the patch group with 2 updates Bumps the patch group with 2 updates: [wasmtime](https://github.com/bytecodealliance/wasmtime) and [wasi-common](https://github.com/bytecodealliance/wasmtime). Updates `wasmtime` from 19.0.1 to 19.0.2 - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.1...v19.0.2) Updates `wasi-common` from 19.0.1 to 19.0.2 - [Release notes](https://github.com/bytecodealliance/wasmtime/releases) - [Changelog](https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-some-possible-changes.md) - [Commits](https://github.com/bytecodealliance/wasmtime/compare/v19.0.1...v19.0.2) --- updated-dependencies: - dependency-name: wasmtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch - dependency-name: wasi-common dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-18 00:20:23 +00:00
Yashodhan	342ad60927	update wasmtime dep to 19.0.1, replace wasmtime-wasi with wasi-cmmon (#2752 ) Signed-off-by: Yashodhan Joshi <yjdoc2@gmail.com>	2024-04-17 12:53:10 +05:30
Darrell Tang	b069ca6005	fix extra line for linting Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-02-27 17:59:19 -08:00
Darrell Tang	fc12184c0d	fix linting issues Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	31997ca60d	fix match statements Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	707141abc6	fix query_caps Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	cf4145b5ee	try to source namespaces dynamically Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	d973c8c152	try to source caps dynamically Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	800521d92e	fix lint issues Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	763fa0e991	rearrange structs and constants Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	df9c555f56	clean up names to match runc features output Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	07ac9742df	pretty print Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	cfe4069aae	use serde Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	1a48f3b82c	set as Strings Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	ea18e74055	fix annotation references Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	e9a81a5d73	change struct name to resolve conflict Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00
Darrell Tang	18a85fb09e	try to create new struct for hardcoding Signed-off-by: Darrell Tang <darrelltang@gmail.com>	2024-01-27 16:04:59 -08:00